Title of invention: SYSTEM AND METHOD FOR DETECTING MALIGNANT CODE OF ANALYSIS AVOID TYPE
Abstract: Disclosed is a malignant code detection system capable of accurately detecting malignant code in a Windows environment. According to the present invention, the malignant code detection system comprises: a virtualization analysis server that executes a first suspected-malignant executable file through a virtualization agent and extracts first API call information, called by the malignant code at the user level, and first kernel action information at the kernel level; a malignant code management server that detects a first malignant code by applying the first API call information and the first kernel action information to a predetermined malignant code ruleset; and a real-time analysis server that executes a second suspected-malignant executable file, in which the first malignant code was not detected, and extracts second API call information, called by the malignant code at the user level, and second kernel action information at the kernel level. By combining virtualization analysis with real-machine analysis, the system detects both ordinary malignant code and analysis-avoidant malignant code in an executable file, and can therefore detect malignant code more accurately than existing systems.
Application publication number: KR101602881(B1) Publication date: 2016.03.21
Application number: KR20150008745 Filing date: 2015.01.19
Applicant: KOREA INTERNET & SECURITY AGENCY Inventors: CHOI, BO MIN;KANG, HONG KOO;KIM, BYUNG IK;HWANG, TONG WOOK;LEE, TAI JIN;SHIN, YOUNG SANG;KIM, NAK HYUN
Classification: H04L29/06;G06F21/56 Main classification: H04L29/06
Agency: Agent:
Principal claim:
Address: